<?
/*
Bitsand - a web-based booking system for LRP events
Copyright (C) 2006, 2007 Russell Peter Phillips

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

include ('inc_head_db.php');
include ('inc_forms.php');

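//Initialise $sWarn
$sWarn = '';

//Handle a submitted form. isset() is needed because btnSubmit is absent on the initial GET request
//NOTE(review): no anti-CSRF token is checked in this block - confirm whether one of the includes does so
if (isset ($_POST ['btnSubmit']) && $_POST ['btnSubmit'] != '') {
	//Run OOC_Check to perform data validation
	//The update below is applied even when warnings are returned; only the redirect is suppressed
	$sWarn = OOC_Check ();

	$key = CRYPT_KEY;
	//Build up date of birth in YYYYMMDD format. The (int) casts keep every part numeric
	$dob = sprintf ('%d%02d%02d',
		isset ($_POST ['selDobYear']) ? (int) $_POST ['selDobYear'] : 0,
		isset ($_POST ['selDobMonth']) ? (int) $_POST ['selDobMonth'] : 0,
		isset ($_POST ['selDobDate']) ? (int) $_POST ['selDobDate'] : 0);

	//Column name => name of the form field that supplies its value
	$asFormFields = array (
		'plFirstName' => 'txtFirstName',
		'plSurname' => 'txtSurname',
		'plAddress1' => 'txtAddress1',
		'plAddress2' => 'txtAddress2',
		'plAddress3' => 'txtAddress3',
		'plAddress4' => 'txtAddress4',
		'plPostcode' => 'txtPostcode',
		'plTelephone' => 'txtPhone',
		'plMobile' => 'txtMobile',
		'plEmail' => 'txtEmail',
		'plMedicalInfo' => 'txtMedicalInfo',
		'plEmergencyName' => 'txtEmergencyName',
		'plEmergencyNumber' => 'txtEmergencyNumber',
		'plEmergencyRelationship' => 'txtEmergencyRelationship',
		'plCarRegistration' => 'txtCarRegistration',
		'plDietary' => 'selDiet',
		'plBookAs' => 'selBookAs');

	//Collect the values to store. A missing or non-string field (e.g. txtEmail[]=x) is stored as ''
	$asValues = array ();
	foreach ($asFormFields as $sColumn => $sField) {
		if (isset ($_POST [$sField]) && is_string ($_POST [$sField]))
			$asValues [$sColumn] = $_POST [$sField];
		else
			$asValues [$sColumn] = '';
	}
	$asValues ['plDOB'] = $dob;

	//Set up UPDATE query with placeholders, so request data is never part of the SQL text
	//NOTE(review): values are bound exactly as they arrive in $_POST. If inc_head_db.php (not shown
	//here) already escapes request data, that escaping would now be stored literally - the
	//stripslashes() calls in the form below suggest checking this before deploying
	$asSet = array ();
	$aParams = array ();
	foreach ($asValues as $sColumn => $sValue) {
		$asSet [] = "$sColumn = AES_ENCRYPT(?, ?)";
		$aParams [] = $sValue;
		$aParams [] = $key;
	}
	$aParams [] = (int) $PLAYER_ID;
	$sql = 'UPDATE players SET ' . implode (', ', $asSet) . ' WHERE plPlayerID = ?';
	//Every value/key pair is bound as a string, the player ID as an integer
	$sTypes = str_repeat ('s', count ($aParams) - 1) . 'i';

	//Run UPDATE query
	$bUpdated = false;
	$iAffected = 0;
	$stmt = mysqli_prepare ($link, $sql);
	if ($stmt) {
		//mysqli_stmt_bind_param takes its values by reference, so pass references to the array elements
		$aBind = array ($stmt, $sTypes);
		foreach (array_keys ($aParams) as $iParam)
			$aBind [] = &$aParams [$iParam];
		call_user_func_array ('mysqli_stmt_bind_param', $aBind);
		$bUpdated = mysqli_stmt_execute ($stmt);
		$iAffected = mysqli_stmt_affected_rows ($stmt);
		mysqli_stmt_close ($stmt);
	}

	if ($bUpdated) {
		//Query should affect exactly one row. Log a warning if it affected more
		if ($iAffected > 1)
			LogWarning ("More than one row updated during OOC update. Player ID: $PLAYER_ID");
		//Do not redirect if there are any warnings (required fields not filled in, etc)
		if ($sWarn == '') {
			//Make up URL
			//NOTE(review): HTTP_HOST and PHP_SELF are taken from the request and the scheme is fixed
			//to http - consider building this from a configured site URL if the project has one
			$sHost = $_SERVER['HTTP_HOST'];
			$sURI = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
			$sFile = 'start.php?green=' . urlencode ('Your OOC details have been updated');
			header ("Location: http://$sHost$sURI/$sFile");
			//Stop here so the form with the decrypted details is not also sent in the redirect response
			exit;
		}
	}
	else {
		$sWarn = "There was a problem updating your OOC details";
		LogError ("Error updating OOC information. Player ID: $PLAYER_ID");
	}
}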

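//Get existing details if there are any
//Each plXxx column is decrypted into a dXxx alias, which is what the form below reads from $row
//The key is part of the statement text, so it reaches the database server (and any query log) with it
$key = CRYPT_KEY;
$asDetailNames = array ('FirstName', 'Surname', 'Address1', 'Address2', 'Address3', 'Address4',
	'Postcode', 'Telephone', 'Mobile', 'Email', 'DOB', 'MedicalInfo', 'EmergencyName',
	'EmergencyNumber', 'EmergencyRelationship', 'CarRegistration', 'Dietary', 'BookAs');
$asSelect = array ();
foreach ($asDetailNames as $sName)
	$asSelect [] = "AES_DECRYPT(pl{$sName}, '$key') AS d{$sName}";
//The (int) cast guarantees that only a number is placed in the WHERE clause
$sql = "SELECT " . implode (', ', $asSelect) .
	" FROM players WHERE plPlayerID = " . (int) $PLAYER_ID;
$result = mysqli_query ($link, $sql);
if ($result)
	$row = mysqli_fetch_assoc ($result);
else {
	$row = null;
	LogError ("Error reading OOC information. Player ID: $PLAYER_ID");
}
//No matching row, or a failed query: give the form an empty value for every field it reads
if (!is_array ($row)) {
	$row = array ();
	foreach ($asDetailNames as $sName)
		$row ["d{$sName}"] = '';
}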

include ('inc_head_html.php');
?>

<h1><?=TITLE?> - OOC Details</h1>

<?
//Show the validation/database warning, if there is one, above the form
//NOTE(review): $sWarn is written out without HTML escaping. The value set on this page is a fixed
//string; presumably OOC_Check () returns trusted text or markup as well - confirm
if ($sWarn != '') {
	echo "<p class = 'warn'>" . $sWarn . "</p>";
}
?>

<p>
<i>Required fields are <span class = "req_colour">shaded</span></i>. Details will appear on your character card <i>exactly</i> as you type them - if you don't use capitals, capitals won't appear on your character card.
</p>

<form action = 'ooc_form.php' method = 'post'>

<table><tr>
<td>First name:</td>
<td><input type = "text" class = "required" name = "txtFirstName" value = "<?=htmlentities (stripslashes ($row ['dFirstName']))?>"></td>
</tr><tr>
<td>Surname:</td>
<td><input type = "text" class = "required" name = "txtSurname" value = "<?=htmlentities (stripslashes ($row ['dSurname']))?>"></td>
</tr><tr><td colspan = "2">&nbsp;</td></tr><tr>
<td>Address:</td>
<td><input type = "text" class = "required" name = "txtAddress1" value = "<?=htmlentities (stripslashes ($row ['dAddress1']))?>"><br>
<input type = "text" class = "text" name = "txtAddress2" value = "<?=htmlentities (stripslashes ($row ['dAddress2']))?>"><br>
<input type = "text" class = "text" name = "txtAddress3" value = "<?=htmlentities (stripslashes ($row ['dAddress3']))?>"><br>
<input type = "text" class = "text" name = "txtAddress4" value = "<?=htmlentities (stripslashes ($row ['dAddress4']))?>"></td>
</tr><tr><td colspan = "2">&nbsp;</td></tr><tr>
<td>Postcode:</td>
<td><input type = "text" class = "text" name = "txtPostcode" value = "<?=htmlentities (stripslashes ($row ['dPostcode']))?>"></td>
</tr><tr>
<td>Telephone number:</td>
<td><input type = "text" class = "text" name = "txtPhone" value = "<?=htmlentities (stripslashes ($row ['dTelephone']))?>"></td>
</tr><tr>
<td>Mobile number:</td>
<td><input type = "text" class = "text" name = "txtMobile" value = "<?=htmlentities (stripslashes ($row ['dMobile']))?>"></td>
</tr><tr>
<td>E-mail address:</td>
<td><input type = "text" class = "required" name = "txtEmail" value = "<?=htmlentities (stripslashes ($row ['dEmail']))?>"></td>
</tr><tr>
<td colspan = "2">&nbsp;</td>
</tr><tr>
<td>Date of birth:</td>
<td>

<?
//Draw the date of birth picker, pre-selecting the stored date when there is one
//dDOB is stored as YYYYMMDD
$sDoB = $row ['dDOB'];
if ($sDoB == '') {
	//Nothing stored yet. NOTE(review): -25 is presumably a year offset from the current year,
	//as in the other branch - confirm against DatePicker
	DatePicker ('Dob', -25);
}
else {
	$iDobYear = substr ($sDoB, 0, 4);
	$iMonth = substr ($sDoB, 4, 2);
	$iDate = substr ($sDoB, 6, 2);
	//The year is passed as the difference between the birth year and the current year
	$iYear = $iDobYear - (int) date ('Y');
	DatePicker ('Dob', $iYear, $iMonth, $iDate);
}
?>

</td>
</tr><tr>
<td>Medical information:</td>
<td><textarea class = "text" name = "txtMedicalInfo">
<?=htmlentities (stripslashes ($row ['dMedicalInfo']))?>
</textarea></td>
</tr><tr>
<td colspan = "2">&nbsp;</td>
</tr><tr>
<td>Emergency contact name:</td>
<td><input type = "text" class = "required" name = "txtEmergencyName" value = "<?=htmlentities (stripslashes ($row ['dEmergencyName']))?>"></td>
</tr><tr>
<td>Emergency contact number:</td>
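<?
//Show a hint in the box until an emergency contact number has been saved
if ($row ['dEmergencyNumber'] == '')
	$sValue = '("On site" is OK)';
else
	$sValue = $row ['dEmergencyNumber'];
//The value attribute is double-quoted, like the other inputs on this form. htmlentities () always
//encodes double quotes, but only encodes single quotes when ENT_QUOTES is in effect (not the
//default before PHP 8.1), so a stored apostrophe could end a single-quoted attribute early
?>
<td><input type = "text" class = "required" name = "txtEmergencyNumber" value = "<?=htmlentities (stripslashes ($sValue))?>"></td>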
</tr><tr>
<td>Relationship to emergency contact:</td>
<td><input type = "text" class = "required" name = "txtEmergencyRelationship" value = "<?=htmlentities (stripslashes ($row ['dEmergencyRelationship']))?>"></td>
</tr><tr>
<td colspan = "2">&nbsp;</td>
</tr><tr>
<td>Car registration:</td>
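<?
//Show a hint in the box until a car registration has been saved
if ($row ['dCarRegistration'] == '')
	$sValue = 'Enter NA if you do not drive';
else
	$sValue = $row ['dCarRegistration'];
//The value attribute is double-quoted, like the other inputs on this form. htmlentities () always
//encodes double quotes, but only encodes single quotes when ENT_QUOTES is in effect (not the
//default before PHP 8.1), so a stored apostrophe could end a single-quoted attribute early
?>
<td><input type = "text" class = "required" name = "txtCarRegistration" value = "<?=htmlentities (stripslashes ($sValue))?>"></td>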
</tr><tr>
<td>Dietary requirements:</td>
<td><select name = "selDiet" class = "req_colour">
<?
//Write the dietary options, pre-selecting the stored one ('Select one' when nothing is stored)
//Only the fixed strings in $asOptions are written to the page; the stored value is compared, never echoed
//NOTE(review): nothing in this file limits the submitted selDiet value to this list - confirm
//whether OOC_Check () does
$sValue = ($row ['dDietary'] == '') ? 'Select one' : $row ['dDietary'];
$asOptions = array ('Select one', 'Omnivore', 'Vegetarian', 'Vegan', 'Other/allergy (details in Medical Information box)');
foreach ($asOptions as $sOption) {
	echo "<option value = '$sOption'" . (($sOption == $sValue) ? ' selected' : '') . ">$sOption</option>\n";
}
?>
</select>
</td>
</tr><tr>
<td>Booking as:</td>
<td><select name = "selBookAs" class = "req_colour">
<?
//Write the booking type options, pre-selecting the stored one ('Select one' when nothing is stored)
//Only the fixed strings in $asOptions are written to the page; the stored value is compared, never echoed
//NOTE(review): nothing in this file limits the submitted selBookAs value to this list - confirm
//whether OOC_Check () does
$sValue = ($row ['dBookAs'] == '') ? 'Select one' : $row ['dBookAs'];
$asOptions = array ('Select one', 'Player', 'Monster', 'Staff');
foreach ($asOptions as $sOption) {
	echo "<option value = '$sOption'" . (($sOption == $sValue) ? ' selected' : '') . ">$sOption</option>\n";
}
?>
</select></td>
</tr>
<tr><td colspan = '2'>&nbsp;</td></tr>
<tr><td class = 'mid'><input type = 'submit' value = "Submit" name = "btnSubmit"></td>
<td class = 'mid'><input type = 'reset'></td></tr>
</table>

</form>

<?
include ('inc_foot.php');
?>
